CVE-2023-37602

MEDIUM

Alkacon Opencms - XSS

Title source: rule

Description

An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.

Exploits (1)

exploitdb WORKING POC

by tmrswrr · textwebappsjava

https://www.exploit-db.com/exploits/51564

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/51564

Scores

CVSS v3 6.1

EPSS 0.0035

EPSS Percentile 57.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

alkacon/opencms 15.0.0

org.opencms/opencms-core 0Maven

Published Jul 20, 2023

Tracked Since Feb 18, 2026